US9747470B2 | Active | Utility | PatentIndex 71

Secure data processing method and use in biometry

Assignee: MORPHO
Priority: Mar 11, 2013
Filed: Mar 11, 2014
Granted: Aug 29, 2017
Est. expiry: Mar 11, 2033 (~6.7 yrs left), nominal 20-yr term from priority
Inventors: PATEY ALAIN, BRINGER JULIEN
Classifications: G06F 21/71, G06F 21/77, G06F 21/32, H04L 2209/50, H04L 2209/04, H04L 9/3231, H04L 63/0861, G06K 2009/00932, G06K 9/00885, G06V 40/172, G06V 40/10, G06V 40/14
PatentIndex Score: 71
Cited by: 5
References: 14
Claims: 9

Abstract

The invention relates to a processing method, including the calculation of one function between a datum to be compared and a reference datum. The function can be written in the form of a sum of: a term that depends on the datum to be compared, a term that depends on the reference datum, and a polynomial, such that all the monomials of the polynomial include at least one coordinate of each datum. The method includes an initialization step including: generating masking data; scrambling reference data by means of a server unit on the basis of said masking data; and calculating, by means of a client unit, the term of the function that depends on the datum to be compared. The method also includes steps for executing the calculation of the function between the datum to be compared and the reference datum, indexed by an index c, during which: the client unit sends the coordinates of the datum to be compared to a secure component, which returns said datum, in a masked form, to said component; the client unit retrieves, from the server unit, the reference datum, indexed by the index c and scrambled by the masking data; and on the basis of the data obtained from the secure component and the server unit, the client unit calculates the sum of the term of the function that depends solely on the reference datum and the polynomial term and adds, to said sum, the term that depends on the datum to be compared, such as to obtain the result of the function.
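The decomposition and masking flow described in the abstract, as an added example that is not code from the patent: it uses the squared Euclidean distance of claim 2 and splits the masking sets as in claim 3 (card holds r and s, server holds s and the inverses of r). The prime field `P`, the exact masking algebra, the function names and the sample vectors are assumptions made for this sketch, and a plain indexed lookup stands in for the oblivious transfer of claim 4.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumed; the page does not fix a field)

def gen_masks(n):
    """Step 1100: random sets r (nonzero, invertible) and s, one element per coordinate."""
    r = [secrets.randbelow(P - 1) + 1 for _ in range(n)]
    s = [secrets.randbelow(P) for _ in range(n)]
    return r, s

def server_scramble(refs, r, s):
    """Step 1300: the server, holding s and the inverses of r, scrambles every reference."""
    r_inv = [pow(ri, -1, P) for ri in r]
    out = []
    for x in refs:
        # Multiplicative mask r_i^-1 * x_i; note that a zero coordinate stays zero.
        a = [ri * xi % P for ri, xi in zip(r_inv, x)]
        f1 = sum(xi * xi for xi in x)  # term depending only on the reference
        b = (f1 + 2 * sum(si * ai for si, ai in zip(s, a))) % P
        out.append((a, b))
    return out

def secure_component_mask(y, r, s):
    """Step 2100: the card, holding r and s, returns r_i * y_i + s_i."""
    return [(ri * yi + si) % P for ri, yi, si in zip(r, y, s)]

def client_distance(y, masked_y, scrambled_ref):
    """Step 2300: combine card and server outputs, then add f2(y)."""
    a, b = scrambled_ref
    # sum(m_i * a_i) = <x, y> + sum(s_i * r_i^-1 * x_i); the s-part cancels against b.
    cross = sum(mi * ai for mi, ai in zip(masked_y, a)) % P
    f1_plus_poly = (b - 2 * cross) % P   # f1(x) - 2<x, y>
    f2 = sum(yi * yi for yi in y)        # term computed by the client at step 1400
    return (f1_plus_poly + f2) % P

def run_protocol(refs, y, c):
    """One run with fresh masks; returns the squared distance between y and refs[c]."""
    r, s = gen_masks(len(y))
    scrambled = server_scramble(refs, r, s)
    masked_y = secure_component_mask(y, r, s)
    return client_distance(y, masked_y, scrambled[c])  # lookup replaces oblivious transfer

# Constructed sample data: three reference templates and one probe.
REFS = [[12, 7, 200, 33], [90, 14, 5, 61], [13, 7, 198, 35]]
PROBE = [13, 8, 199, 34]
```

The client only ever combines masked values; the result is correct as long as the true distance is smaller than `P`.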

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for authentication or identification of an individual by comparing an acquired biometric datum (y) of the individual to at least one biometric reference data (x 1 , . . . , x N ) acquired on listed individuals, wherein said comparing is carried out by a secure data-processing system including:
 a) a server-unit ( 10 ) including a processor and storing the biometric reference data (x 1 , . . . , x N ) in a server memory, 
 b) a client-unit ( 20 ) including a processor and storing the biometric datum (y), and an index c of the at least one biometric reference data (x 1 , . . . , x N ) in a client memory, and 
 c) a secure component ( 30 ), wherein said secure component is an integrated circuit card including a secure component memory, 
 the method comprising: 
 calculating a function (f) between the biometric datum (y) and the at least one biometric reference data (x 1 , . . . , x N ) indexed by an index c, the function (f) expressed as a sum of:
 a term (f 2 ) dependent only on the biometric datum (y), 
 a term (f 1 ) dependent only on the biometric reference data (x 1 , . . . , x N ), and 
 a polynomial term having variables which are coordinates of the biometric datum (y) and the biometric reference data (x i , . . . , x N ) indexed by the index c, such that each monomial of the polynomial term includes at least one coordinate of each of the biometric datum (y) and the biometric reference data (x 1 , . . . , x N ) indexed by the index c, 
 
 the method further including an initialization step ( 1000 ) comprising:
 i) generating ( 1100 ) masking data by the server-unit ( 10 ), or jointly by the server-unit ( 10 ) and the secure component ( 30 ), 
 ii) integrating ( 1200 ) the secure component ( 30 ) into the client-unit ( 20 ), 
 iii) scrambling ( 1300 ) the biometric reference data (x 1 , . . . x N ) by the server-unit using said masking data, and 
 iv) calculating ( 1400 ), by the client-unit ( 20 ), the term (f 2 ) dependent only on the biometric datum (y), 
 
 the method further including execution ( 2000 ) steps for calculating the function (f) comprising:
 the client-unit ( 20 ) sending ( 2100 ) the coordinates of the biometric datum (y) to the secure component, which returns the coordinates as masked using the masking data, 
 the client-unit retrieving ( 2200 ) from the server-unit the biometric reference data (x 1 , . . . , x N ) indexed by the index c scrambled by the masking data, and 
 from data obtained from the secure component and the server-unit, the client-unit calculating ( 2300 ) the sum of the term (f 1 ) dependent only on the biometric reference data, and the polynomial term, and adding to said sum the term (f 2 ) dependent only to the biometric datum to obtain the result of the function (f), 
 wherein when said result is less than a predetermined threshold, said result is considered to be that of the individual. 
 
 
     
     
       2. The method according to  claim 1 , wherein the function is the squared Euclidian distance between the datum to be compared (y) and the biometric reference data indexed by the index c. 
     
     
       3. The method according to  claim 1 , wherein the masking data are generated randomly, by the secure component ( 30 ) and/or the server-unit ( 10 ), the masking data integrated to the secure component comprising a first set s and a second set r, and the masking data held by the server-unit comprising the first set s, and a third set having elements which are the inverse of the elements of the set r. 
     
     
       4. The method according to  claim 1 , wherein the recovery step ( 2200 ), by the client-unit ( 20 ), of the reference datum indexed by the index c scrambled from masking data is conducted by oblivious transfer. 
     
     
       5. The method according to  claim 1 , wherein the biometric reference data (x 1 , . . . , x N ) and the datum (y) to be compared are biometric data resulting from the digital acquisition of biometric traits of individuals. 
     
     
       6. The method according to  claim 1 , further comprising initializing said secure component, said initializing including:
 randomly generating a set of data r and a set of data s, such that the server-unit ( 10 ) stores said data r and said data s and the secure component ( 30 ) stores said data s, and a set of data elements which are the inverse of the elements of the data r, and 
 integrating said secure component into a processing unit forming a client-unit of the server-unit. 
 
     
     
       7. A data-processing method executed by a processing unit ( 10 ) holding N reference data (x 1 , . . . , x N ), for execution of the processing method according to  claim 1 , during which said server unit processor:
 inserts said masking data into the secure component, or loads onto the secure component an initialization key enabling generation by the secure component of pseudo-random numbers ( 1050 ), and 
 scrambles ( 1300 ) the biometric reference data from said masking data. 
 
     
     
       8. The system for authentication or identification according to  claim 1 , wherein the client-unit is an electronic device personal to the individual to be identified or authenticated, and the secure component ( 30 ) is a smart card. 
     
     
       9. A non-transitory computer program product comprising program code instructions for executing a method for authentication or identification of an individual by comparing an acquired biometric datum (y) of the individual to at least one biometric reference data (x 1 , . . . , x N ) acquired on listed individuals wherein said comparing is carried out by a secure data-processing system including:
 a) a server-unit ( 10 ) including a processor and storing the biometric reference data (x 1 , . . . x N ) in a server memory, 
 b) a client-unit ( 20 ) including a processor and storing the biometric datum (y), and an index c of the at least one biometric reference data (x 1 , . . . x N ) in a client memory, and 
 c) a secure component ( 30 ), wherein said secure component is an integrated circuit card including a secure component memory, 
 the method comprising: 
 calculating a function (f) between the biometric datum (y) and the at least one biometric reference data (x 1 , . . . x N ) indexed by an index c, the function (f) expressed as a sum of: 
 a term (f 2 ) dependent only on the biometric datum (y), 
 a term (f 1 ) dependent only on the biometric reference data (x 1 , . . . x N ), and 
 a polynomial term having variables which are coordinates of the biometric datum (y) and the biometric reference data (x 1 , . . . x N ) indexed by the index c, such that each monomial of the polynomial term includes at least one coordinate of each of the biometric datum (y) and the biometric reference data (x 1 , . . . x N ) indexed by the index c, 
 the method further including an initialization step ( 1000 ) comprising: 
 i) generating ( 1100 ) masking data by the server-unit ( 10 ), or jointly by the server-unit ( 10 ) and the secure component ( 30 ), 
 ii) integrating ( 1200 ) the secure component ( 30 ) into the client-unit ( 20 ), 
 iii) scrambling ( 1300 ) the biometric reference data (x 1 , . . . x N ) by the server-unit using said masking data, and 
 iv) calculating ( 1400 ), by the client-unit ( 20 ), the term (f 2 ) dependent only on the biometric datum (y), 
 the method further including execution ( 2000 ) steps for calculating the function (f) comprising: 
 the client-unit ( 20 ) sending ( 2100 ) the coordinates of the biometric datum (y) to the secure component, which returns the coordinates as masked using the masking data, 
 the client-unit retrieving ( 2200 ) from the server-unit the biometric reference data (x 1 , . . . x N ) indexed by the index c scrambled by the masking data, and 
 from data obtained from the secure component and the server-unit, the client-unit calculating ( 2300 ) the sum of the term (f 1 ) dependent only on the biometric reference data, and the polynomial term, and adding to said sum the term (f 2 ) dependent only to the biometric datum to obtain the result of the function (f), 
 wherein when said result is less than a predetermined threshold, said result is considered to be that of the individual.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.